Joystream / audits

Repo for organizing & collaborating on audits.

No deposit is charged for creating forum posts and threads #5

Open viniul opened 3 years ago

viniul commented 3 years ago

Summary

In the forum module, it is possible for users to create threads and posts without paying any deposit or burning additional funds. This has two consequences:

  1. It allows attackers to fill the blockchain storage at very little cost
  2. It allows an attacker to create a lot of posts in a certain thread, exhausting the MAXIMUM_POSTS limit. As a result, the attacker can prevent other users from creating posts and in effect perform a Denial of Service attack against the forum.

Requiring a deposit for a thread and a forum post would mitigate this issue.

Issue

The forum module allows users to create threads and add posts to them. Both of those operations result in a storage write to the on-chain storage. Note that this storage write is only of a fixed size, since the post text and post/thread title are hashed. The forum module does not require any deposit for creating threads or posts. This has the following consequences:

  1. It allows attackers to fill the blockchain storage at very little cost, by creating a lot of threads/posts.
  2. It allows an attacker to create a lot of posts in a certain thread, exhausting the MaxPostsInThread limit. As a result, the attacker can prevent other users from creating posts and in effect perform a Denial of Service attack against the forum. In the same vein, an attacker could exhaust the MaxThreadsInCategory limit for a certain Category.

Since any forum user can create threads and posts, this attack can be carried out by any forum user.

Note that forum posts and threads can be deleted, but this requires additional work from a moderator/working group lead.

Risk

This issue would allow an attacker to fill up the blockchain storage by creating a lot of threads and posts. A full storage is problematic because it could lead to an infeasible amount of storage being required to run a blockchain node.

Since the posts and threads only require a fixed size on-chain and can be deleted by a forum moderator/working group lead, this issue is only of moderate severity.

Mitigation

We suggest requiring a deposit for forum posts/threads that will be frozen for a certain amount of time. If a moderator does not "reject" the posts and/or threads created, the deposit should be unfrozen. If a post/thread is rejected, the deposit should be burned. By introducing a deposit for posts/threads, Joystream can also remove the MaxPostsInThread and MaxThreadsInCategory limits.

Another way to mitigate this issue is to require the user to burn some money every time a thread or post is created, similar to the way burning a certain stake is required when buying a membership.

Mitigating this issue will also help mitigate issue #6.
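
The deposit scheme suggested under Mitigation, modelled as an added example that is not part of the issue and not Joystream runtime code. The type and function names, the deposit amount and the freeze period are all assumptions chosen for illustration.

```rust
use std::collections::HashMap;

// Hypothetical model of the suggested deposit scheme (not Joystream's runtime).
const POST_DEPOSIT: u64 = 10; // assumed deposit per post
const FREEZE_BLOCKS: u64 = 100; // assumed moderation window, in blocks

#[derive(Debug, PartialEq)]
pub enum Error { InsufficientBalance, UnknownPost, StillFrozen }

#[derive(Default)]
pub struct Forum {
    pub free: HashMap<u32, u64>,      // spendable balance per account
    frozen: HashMap<u64, (u32, u64)>, // post id -> (author, created_at)
    next_id: u64,
    pub burned: u64,
}

impl Forum {
    /// Creating a post moves POST_DEPOSIT out of the author's free balance.
    pub fn create_post(&mut self, author: u32, now: u64) -> Result<u64, Error> {
        let bal = self.free.entry(author).or_insert(0);
        if *bal < POST_DEPOSIT { return Err(Error::InsufficientBalance); }
        *bal -= POST_DEPOSIT;
        self.next_id += 1;
        self.frozen.insert(self.next_id, (author, now));
        Ok(self.next_id)
    }
    /// A moderator rejection burns the frozen deposit.
    pub fn reject(&mut self, id: u64) -> Result<(), Error> {
        self.frozen.remove(&id).ok_or(Error::UnknownPost)?;
        self.burned += POST_DEPOSIT;
        Ok(())
    }
    /// After the freeze period, an unrejected post's deposit is returned.
    pub fn release(&mut self, id: u64, now: u64) -> Result<(), Error> {
        let &(author, created_at) = self.frozen.get(&id).ok_or(Error::UnknownPost)?;
        if now < created_at + FREEZE_BLOCKS { return Err(Error::StillFrozen); }
        self.frozen.remove(&id);
        *self.free.entry(author).or_insert(0) += POST_DEPOSIT;
        Ok(())
    }
}

fn main() {
    let mut f = Forum::default();
    f.free.insert(1, 25); // constructed balance: covers two posts, not three
    let (kept, spam) = (f.create_post(1, 0).unwrap(), f.create_post(1, 0).unwrap());
    f.reject(spam).unwrap();
    f.release(kept, FREEZE_BLOCKS).unwrap();
    println!("free={} burned={}", f.free[&1], f.burned);
}
```

In this model the number of posts an account can have pending at once is bounded by its balance divided by the deposit, which is what lets the deposit stand in for the fixed per-thread limits.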